Describes how to process and use audit records to improve data analysis.

Enabling Table Authorizations with Access Control Expressions

Describes how to set permissions for tables.

Permissions for MapR tables, column families, and columns are defined by Access Control
Expressions (ACEs). You can set permissions for tables when you create or edit tables. You
can set default permissions for column families when you create or edit tables, and you can
override these defaults when you create column families.

Note: When a user, group, or role requests to read data from, write data to, or append data to
a column, MapR-DB checks whether that user, group, or role has read or write permission for
the column family AND read or write permission for the column. By default, columns allow
read and write access to all users; in such cases, only the read or write permission for
the column family matters.

However, suppose that a table contains columns
col1 and col2 in column family
cf1, and these columns grant read and write permission only to the
table creator. A different user tries to write data to these columns. MapR-DB checks
whether this user has write permission on cf1 AND col1
AND col2. If the user does not have all three permissions, MapR-DB
returns an error that says access for the write is denied.

If this user were to
try to read from the same two columns, MapR-DB would simply not return the data. If the
user tried to read from those two columns and additional columns on which he had read
permissions, the results would contain the data for those additional columns but exclude
the data for col1 and col2.